2 * vim:ts=4:sw=4:expandtab
4 * © 2010-2013 Michael Stapelberg
6 * See LICENSE for licensing information
19 #include <security/pam_appl.h>
20 #include <X11/Xlib-xcb.h>
25 #include <X11/XKBlib.h>
26 #include <X11/extensions/XKBfile.h>
27 #include <xkbcommon/xkbcommon.h>
29 #include <cairo/cairo-xcb.h>
34 #include "unlock_indicator.h"
37 /* We need this for libxkbfile */
38 static Display *display;
39 char color[7] = "ffffff";
40 uint32_t last_resolution[2];
42 static xcb_cursor_t cursor;
43 static pam_handle_t *pam_handle;
44 int input_position = 0;
45 /* Holds the password you enter (in UTF-8). */
46 static char password[512];
47 static bool beep = false;
48 bool debug_mode = false;
49 static bool dpms = false;
50 bool unlock_indicator = true;
51 static bool dont_fork = false;
52 struct ev_loop *main_loop;
53 static struct ev_timer *clear_pam_wrong_timeout;
54 extern unlock_state_t unlock_state;
55 extern pam_state_t pam_state;
57 static struct xkb_state *xkb_state;
58 static struct xkb_context *xkb_context;
59 static struct xkb_keymap *xkb_keymap;
61 cairo_surface_t *img = NULL;
63 bool ignore_empty_password = false;
65 /* isutf, u8_dec © 2005 Jeff Bezanson, public domain */
66 #define isutf(c) (((c) & 0xC0) != 0x80)
69 * Decrements i to point to the previous unicode glyph
72 void u8_dec(char *s, int *i) {
73 (void)(isutf(s[--(*i)]) || isutf(s[--(*i)]) || isutf(s[--(*i)]) || --(*i));
76 static void turn_monitors_on(void) {
78 dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_ON);
81 static void turn_monitors_off(void) {
83 dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_OFF);
87 * Loads the XKB keymap from the X11 server and feeds it to xkbcommon.
88 * Necessary so that we can properly let xkbcommon track the keyboard state and
89 * translate keypresses to utf-8.
91 * Ideally, xkbcommon would ship something like this itself, but as of now
92 * (version 0.2.0), it doesn’t.
94 * TODO: Once xcb-xkb is enabled by default and released, we should port this
95 * code to xcb-xkb. See also https://github.com/xkbcommon/libxkbcommon/issues/1
98 static bool load_keymap(void) {
101 memset(&result, '\0', sizeof(result));
102 result.xkb = XkbGetKeyboard(display, XkbAllMapComponentsMask, XkbUseCoreKbd);
103 if (result.xkb == NULL) {
104 fprintf(stderr, "[i3lock] XKB: XkbGetKeyboard failed\n");
108 FILE *temp = tmpfile();
110 fprintf(stderr, "[i3lock] could not create tempfile\n");
114 bool ok = XkbWriteXKBKeymap(temp, &result, false, false, NULL, NULL);
116 fprintf(stderr, "[i3lock] XkbWriteXKBKeymap failed\n");
122 if (xkb_context == NULL) {
123 if ((xkb_context = xkb_context_new(0)) == NULL) {
124 fprintf(stderr, "[i3lock] could not create xkbcommon context\n");
129 if (xkb_keymap != NULL)
130 xkb_keymap_unref(xkb_keymap);
132 if ((xkb_keymap = xkb_keymap_new_from_file(xkb_context, temp, XKB_KEYMAP_FORMAT_TEXT_V1, 0)) == NULL) {
133 fprintf(stderr, "[i3lock] xkb_keymap_new_from_file failed\n");
137 struct xkb_state *new_state = xkb_state_new(xkb_keymap);
138 if (new_state == NULL) {
139 fprintf(stderr, "[i3lock] xkb_state_new failed\n");
143 /* Get the initial modifier state to be in sync with the X server.
144 * See https://github.com/xkbcommon/libxkbcommon/issues/1 for why we ignore
145 * the base and latched fields. */
146 XkbStateRec state_rec;
147 XkbGetState(display, XkbUseCoreKbd, &state_rec);
149 xkb_state_update_mask(new_state,
150 0, 0, state_rec.locked_mods,
151 0, 0, state_rec.locked_group);
153 if (xkb_state != NULL)
154 xkb_state_unref(xkb_state);
155 xkb_state = new_state;
159 XkbFreeKeyboard(result.xkb, XkbAllComponentsMask, true);
165 * Clears the memory which stored the password to be a bit safer against
169 static void clear_password_memory(void) {
170 /* A volatile pointer to the password buffer to prevent the compiler from
171 * optimizing this out. */
172 volatile char *vpassword = password;
173 for (int c = 0; c < sizeof(password); c++)
174 /* We store a non-random pattern which consists of the (irrelevant)
175 * index plus (!) the value of the beep variable. This prevents the
176 * compiler from optimizing the calls away, since the value of 'beep'
177 * is not known at compile-time. */
178 vpassword[c] = c + (int)beep;
183 * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccesful
184 * authentication event.
187 static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
188 DEBUG("clearing pam wrong\n");
189 pam_state = STATE_PAM_IDLE;
190 unlock_state = STATE_STARTED;
193 /* Now free this timeout. */
194 ev_timer_stop(main_loop, clear_pam_wrong_timeout);
195 free(clear_pam_wrong_timeout);
196 clear_pam_wrong_timeout = NULL;
199 static void clear_input(void) {
201 clear_password_memory();
202 password[input_position] = '\0';
204 /* Hide the unlock indicator after a bit if the password buffer is
206 start_clear_indicator_timeout();
207 unlock_state = STATE_BACKSPACE_ACTIVE;
209 unlock_state = STATE_KEY_PRESSED;
212 static void input_done(void) {
213 if (clear_pam_wrong_timeout) {
214 ev_timer_stop(main_loop, clear_pam_wrong_timeout);
215 free(clear_pam_wrong_timeout);
216 clear_pam_wrong_timeout = NULL;
219 pam_state = STATE_PAM_VERIFY;
222 if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
223 DEBUG("successfully authenticated\n");
224 clear_password_memory();
225 /* Turn the screen on, as it may have been turned off
226 * on release of the 'enter' key. */
232 fprintf(stderr, "Authentication failure\n");
234 pam_state = STATE_PAM_WRONG;
238 /* Clear this state after 2 seconds (unless the user enters another
239 * password during that time). */
240 ev_now_update(main_loop);
241 if ((clear_pam_wrong_timeout = calloc(sizeof(struct ev_timer), 1))) {
242 ev_timer_init(clear_pam_wrong_timeout, clear_pam_wrong, 2.0, 0.);
243 ev_timer_start(main_loop, clear_pam_wrong_timeout);
246 /* Cancel the clear_indicator_timeout, it would hide the unlock indicator
248 stop_clear_indicator_timeout();
250 /* beep on authentication failure, if enabled */
258 * Called when the user releases a key. We need to leave the Mode_switch
259 * state when the user releases the Mode_switch key.
262 static void handle_key_release(xcb_key_release_event_t *event) {
263 xkb_state_update_key(xkb_state, event->detail, XKB_KEY_UP);
266 static void redraw_timeout(EV_P_ ev_timer *w, int revents) {
269 ev_timer_stop(main_loop, w);
274 * Handle key presses. Fixes state, then looks up the key symbol for the
275 * given keycode, then looks up the key symbol (as UCS-2), converts it to
276 * UTF-8 and stores it in the password array.
279 static void handle_key_press(xcb_key_press_event_t *event) {
285 ksym = xkb_state_key_get_one_sym(xkb_state, event->detail);
286 ctrl = xkb_state_mod_name_is_active(xkb_state, "Control", XKB_STATE_MODS_DEPRESSED);
287 xkb_state_update_key(xkb_state, event->detail, XKB_KEY_DOWN);
289 /* The buffer will be null-terminated, so n >= 2 for 1 actual character. */
290 memset(buffer, '\0', sizeof(buffer));
291 n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
295 case XKB_KEY_KP_Enter:
296 case XKB_KEY_XF86ScreenSaver:
297 if (ignore_empty_password && input_position == 0) {
301 password[input_position] = '\0';
302 unlock_state = STATE_KEY_PRESSED;
309 DEBUG("C-u pressed\n");
319 case XKB_KEY_BackSpace:
320 if (input_position == 0)
323 /* decrement input_position to point to the previous glyph */
324 u8_dec(password, &input_position);
325 password[input_position] = '\0';
327 /* Hide the unlock indicator after a bit if the password buffer is
329 start_clear_indicator_timeout();
330 unlock_state = STATE_BACKSPACE_ACTIVE;
332 unlock_state = STATE_KEY_PRESSED;
336 if ((input_position + 8) >= sizeof(password))
340 /* FIXME: handle all of these? */
341 printf("is_keypad_key = %d\n", xcb_is_keypad_key(sym));
342 printf("is_private_keypad_key = %d\n", xcb_is_private_keypad_key(sym));
343 printf("xcb_is_cursor_key = %d\n", xcb_is_cursor_key(sym));
344 printf("xcb_is_pf_key = %d\n", xcb_is_pf_key(sym));
345 printf("xcb_is_function_key = %d\n", xcb_is_function_key(sym));
346 printf("xcb_is_misc_function_key = %d\n", xcb_is_misc_function_key(sym));
347 printf("xcb_is_modifier_key = %d\n", xcb_is_modifier_key(sym));
353 /* store it in the password array as UTF-8 */
354 memcpy(password+input_position, buffer, n-1);
355 input_position += n-1;
356 DEBUG("current password = %.*s\n", input_position, password);
358 unlock_state = STATE_KEY_ACTIVE;
360 unlock_state = STATE_KEY_PRESSED;
362 struct ev_timer *timeout = calloc(sizeof(struct ev_timer), 1);
364 ev_timer_init(timeout, redraw_timeout, 0.25, 0.);
365 ev_timer_start(main_loop, timeout);
368 stop_clear_indicator_timeout();
372 * A visibility notify event will be received when the visibility (= can the
373 * user view the complete window) changes, so for example when a popup overlays
374 * some area of the i3lock window.
376 * In this case, we raise our window on top so that the popup (or whatever is
377 * hiding us) gets hidden.
380 static void handle_visibility_notify(xcb_connection_t *conn,
381 xcb_visibility_notify_event_t *event) {
382 if (event->state != XCB_VISIBILITY_UNOBSCURED) {
383 uint32_t values[] = { XCB_STACK_MODE_ABOVE };
384 xcb_configure_window(conn, event->window, XCB_CONFIG_WINDOW_STACK_MODE, values);
390 * Called when the keyboard mapping changes. We update our symbols.
393 static void handle_mapping_notify(xcb_mapping_notify_event_t *event) {
394 /* We ignore errors — if the new keymap cannot be loaded it’s better if the
395 * screen stays locked and the user intervenes by using killall i3lock. */
400 * Called when the properties on the root window change, e.g. when the screen
401 * resolution changes. If so we update the window to cover the whole screen
402 * and also redraw the image, if any.
405 void handle_screen_resize(void) {
406 xcb_get_geometry_cookie_t geomc;
407 xcb_get_geometry_reply_t *geom;
408 geomc = xcb_get_geometry(conn, screen->root);
409 if ((geom = xcb_get_geometry_reply(conn, geomc, 0)) == NULL)
412 if (last_resolution[0] == geom->width &&
413 last_resolution[1] == geom->height) {
418 last_resolution[0] = geom->width;
419 last_resolution[1] = geom->height;
425 uint32_t mask = XCB_CONFIG_WINDOW_WIDTH | XCB_CONFIG_WINDOW_HEIGHT;
426 xcb_configure_window(conn, win, mask, last_resolution);
429 xinerama_query_screens();
434 * Callback function for PAM. We only react on password request callbacks.
437 static int conv_callback(int num_msg, const struct pam_message **msg,
438 struct pam_response **resp, void *appdata_ptr)
443 /* PAM expects an array of responses, one for each message */
444 if ((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL) {
449 for (int c = 0; c < num_msg; c++) {
450 if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF &&
451 msg[c]->msg_style != PAM_PROMPT_ECHO_ON)
454 /* return code is currently not used but should be set to zero */
455 resp[c]->resp_retcode = 0;
456 if ((resp[c]->resp = strdup(password)) == NULL) {
466 * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
467 * See also man libev(3): "ev_prepare" and "ev_check" - customise your event loop
470 static void xcb_got_event(EV_P_ struct ev_io *w, int revents) {
471 /* empty, because xcb_prepare_cb and xcb_check_cb are used */
475 * Flush before blocking (and waiting for new events)
478 static void xcb_prepare_cb(EV_P_ ev_prepare *w, int revents) {
483 * Instead of polling the X connection socket we leave this to
484 * xcb_poll_for_event() which knows better than we can ever know.
487 static void xcb_check_cb(EV_P_ ev_check *w, int revents) {
488 xcb_generic_event_t *event;
490 while ((event = xcb_poll_for_event(conn)) != NULL) {
491 if (event->response_type == 0) {
492 xcb_generic_error_t *error = (xcb_generic_error_t*)event;
494 fprintf(stderr, "X11 Error received! sequence 0x%x, error_code = %d\n",
495 error->sequence, error->error_code);
500 /* Strip off the highest bit (set if the event is generated) */
501 int type = (event->response_type & 0x7F);
504 handle_key_press((xcb_key_press_event_t*)event);
507 case XCB_KEY_RELEASE:
508 handle_key_release((xcb_key_release_event_t*)event);
510 /* If this was the backspace or escape key we are back at an
511 * empty input, so turn off the screen if DPMS is enabled */
512 if (input_position == 0)
517 case XCB_VISIBILITY_NOTIFY:
518 handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event);
523 /* After the first MapNotify, we never fork again. We don’t
524 * expect to get another MapNotify, but better be sure… */
527 /* In the parent process, we exit */
531 ev_loop_fork(EV_DEFAULT);
535 case XCB_MAPPING_NOTIFY:
536 handle_mapping_notify((xcb_mapping_notify_event_t*)event);
539 case XCB_CONFIGURE_NOTIFY:
540 handle_screen_resize();
549 * This function is called from a fork()ed child and will raise the i3lock
550 * window when the window is obscured, even when the main i3lock process is
551 * blocked due to PAM.
554 static void raise_loop(xcb_window_t window) {
555 xcb_connection_t *conn;
556 xcb_generic_event_t *event;
559 if ((conn = xcb_connect(NULL, &screens)) == NULL ||
560 xcb_connection_has_error(conn))
561 errx(EXIT_FAILURE, "Cannot open display\n");
563 /* We need to know about the window being obscured or getting destroyed. */
564 xcb_change_window_attributes(conn, window, XCB_CW_EVENT_MASK,
566 XCB_EVENT_MASK_VISIBILITY_CHANGE |
567 XCB_EVENT_MASK_STRUCTURE_NOTIFY
571 DEBUG("Watching window 0x%08x\n", window);
572 while ((event = xcb_wait_for_event(conn)) != NULL) {
573 if (event->response_type == 0) {
574 xcb_generic_error_t *error = (xcb_generic_error_t*)event;
575 DEBUG("X11 Error received! sequence 0x%x, error_code = %d\n",
576 error->sequence, error->error_code);
580 /* Strip off the highest bit (set if the event is generated) */
581 int type = (event->response_type & 0x7F);
582 DEBUG("Read event of type %d\n", type);
584 case XCB_VISIBILITY_NOTIFY:
585 handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event);
587 case XCB_UNMAP_NOTIFY:
588 DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t*)event)->window));
589 if (((xcb_unmap_notify_event_t*)event)->window == window)
592 case XCB_DESTROY_NOTIFY:
593 DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t*)event)->window));
594 if (((xcb_destroy_notify_event_t*)event)->window == window)
598 DEBUG("Unhandled event type %d\n", type);
605 int main(int argc, char *argv[]) {
607 char *image_path = NULL;
609 struct pam_conv conv = {conv_callback, NULL};
610 int curs_choice = CURS_NONE;
613 struct option longopts[] = {
614 {"version", no_argument, NULL, 'v'},
615 {"nofork", no_argument, NULL, 'n'},
616 {"beep", no_argument, NULL, 'b'},
617 {"dpms", no_argument, NULL, 'd'},
618 {"color", required_argument, NULL, 'c'},
619 {"pointer", required_argument, NULL , 'p'},
620 {"debug", no_argument, NULL, 0},
621 {"help", no_argument, NULL, 'h'},
622 {"no-unlock-indicator", no_argument, NULL, 'u'},
623 {"image", required_argument, NULL, 'i'},
624 {"tiling", no_argument, NULL, 't'},
625 {"ignore-empty-password", no_argument, NULL, 'e'},
626 {NULL, no_argument, NULL, 0}
629 if ((username = getenv("USER")) == NULL)
630 errx(1, "USER environment variable not set, please set it.\n");
632 while ((o = getopt_long(argc, argv, "hvnbdc:p:ui:te", longopts, &optind)) != -1) {
635 errx(EXIT_SUCCESS, "version " VERSION " © 2010-2012 Michael Stapelberg");
648 /* Skip # if present */
652 if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1)
653 errx(1, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb\n");
658 unlock_indicator = false;
661 image_path = strdup(optarg);
667 if (!strcmp(optarg, "win")) {
668 curs_choice = CURS_WIN;
669 } else if (!strcmp(optarg, "default")) {
670 curs_choice = CURS_DEFAULT;
672 errx(1, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\".\n");
676 ignore_empty_password = true;
679 if (strcmp(longopts[optind].name, "debug") == 0)
683 errx(1, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]"
684 " [-i image.png] [-t] [-e]"
689 /* We need (relatively) random numbers for highlighting a random part of
690 * the unlock indicator upon keypresses. */
694 ret = pam_start("i3lock", username, &conv, &pam_handle);
695 if (ret != PAM_SUCCESS)
696 errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
698 /* Using mlock() as non-super-user seems only possible in Linux. Users of other
699 * operating systems should use encrypted swap/no swap (or remove the ifdef and
700 * run i3lock as super-user). */
701 #if defined(__linux__)
702 /* Lock the area where we store the password in memory, we don’t want it to
703 * be swapped to disk. Since Linux 2.6.9, this does not require any
704 * privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */
705 if (mlock(password, sizeof(password)) != 0)
706 err(EXIT_FAILURE, "Could not lock page in memory, check RLIMIT_MEMLOCK");
709 /* Initialize connection to X11 */
710 if ((display = XOpenDisplay(NULL)) == NULL)
711 errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
712 XSetEventQueueOwner(display, XCBOwnsEventQueue);
713 conn = XGetXCBConnection(display);
715 /* Double checking that connection is good and operatable with xcb */
716 if (xcb_connection_has_error(conn))
717 errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
719 /* When we cannot initially load the keymap, we better exit */
721 errx(EXIT_FAILURE, "Could not load keymap");
724 xinerama_query_screens();
726 /* if DPMS is enabled, check if the X server really supports it */
728 xcb_dpms_capable_cookie_t dpmsc = xcb_dpms_capable(conn);
729 xcb_dpms_capable_reply_t *dpmsr;
730 if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL))) {
731 if (!dpmsr->capable) {
733 fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n");
740 screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data;
742 last_resolution[0] = screen->width_in_pixels;
743 last_resolution[1] = screen->height_in_pixels;
745 xcb_change_window_attributes(conn, screen->root, XCB_CW_EVENT_MASK,
746 (uint32_t[]){ XCB_EVENT_MASK_STRUCTURE_NOTIFY });
749 /* Create a pixmap to render on, fill it with the background color */
750 img = cairo_image_surface_create_from_png(image_path);
751 /* In case loading failed, we just pretend no -i was specified. */
752 if (cairo_surface_status(img) != CAIRO_STATUS_SUCCESS) {
753 fprintf(stderr, "Could not load image \"%s\": %s\n",
754 image_path, cairo_status_to_string(cairo_surface_status(img)));
759 /* Pixmap on which the image is rendered to (if any) */
760 xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
762 /* open the fullscreen window, already with the correct pixmap in place */
763 win = open_fullscreen_window(conn, screen, color, bg_pixmap);
764 xcb_free_pixmap(conn, bg_pixmap);
767 /* The pid == -1 case is intentionally ignored here:
768 * While the child process is useful for preventing other windows from
769 * popping up while i3lock blocks, it is not critical. */
772 close(xcb_get_file_descriptor(conn));
777 cursor = create_cursor(conn, screen, win, curs_choice);
779 grab_pointer_and_keyboard(conn, screen, cursor);
780 /* Load the keymap again to sync the current modifier state. Since we first
781 * loaded the keymap, there might have been changes, but starting from now,
782 * we should get all key presses/releases due to having grabbed the
788 /* Initialize the libev event loop. */
789 main_loop = EV_DEFAULT;
790 if (main_loop == NULL)
791 errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n");
793 struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1);
794 struct ev_check *xcb_check = calloc(sizeof(struct ev_check), 1);
795 struct ev_prepare *xcb_prepare = calloc(sizeof(struct ev_prepare), 1);
797 ev_io_init(xcb_watcher, xcb_got_event, xcb_get_file_descriptor(conn), EV_READ);
798 ev_io_start(main_loop, xcb_watcher);
800 ev_check_init(xcb_check, xcb_check_cb);
801 ev_check_start(main_loop, xcb_check);
803 ev_prepare_init(xcb_prepare, xcb_prepare_cb);
804 ev_prepare_start(main_loop, xcb_prepare);
806 /* Invoke the event callback once to catch all the events which were
807 * received up until now. ev will only pick up new events (when the X11
808 * file descriptor becomes readable). */
809 ev_invoke(main_loop, xcb_check, 0);
810 ev_loop(main_loop, 0);